← back
CVE-2019-5786

CVE-2019-5786

CVSS 6.5 MEDIUMEPSS 61.5%● KEVCWE-416
In short

A flaw in Chrome's Blink engine allowed attackers to access memory outside intended boundaries through a specially crafted webpage. This could lead to crashes or potentially allow attackers to read sensitive data from the browser's memory.

Technical detail

Use-after-free vulnerability (CWE-416) in Blink's object lifetime management allowed remote attackers to perform out-of-bounds memory access when rendering a crafted HTML page, potentially enabling information disclosure or denial of service.

Summary generated and translated by AI from the official description.
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Google · Chrome
public PoCs found2
githubgithub.com/exodusintel/CVE-2019-5786255exploitdbwww.exploit-db.com/exploits/46812unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/936448https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5786